init commit. lets test!

README.md

@@ -1,3 +1,14 @@
 # proxy_centos
 
 This project will setup multiple ip addresses that are assigned to a base CentOS 7 system. We are using OVH as our Cloud Provider in this project. We are using Squid as the proxy in this project.
+
+### Step 1:
+Create a text file with one ip address per line and place it in the `./proxy_centos/bin/` directory. This file is essential and required for the bootstrap process to work.
+
+### Step 2:
+Run bootstrap.sh
+`./bootstrap.sh`
+This will do the following:
+- Install squid proxy
+- Create a new ifcfg-eth0:{index} for every ip address in ./ips.txt
+- Append directives to squid.conf that for adding new ips as listeners.

bin/add_ip_to_squid_conf.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+# this script will add a new ip address to squid config.
+
+IP="$1"
+PORT="$2"
+
+cat << EOF
+http_port $IP:$PORT name=$PORT
+
+acl tasty$PORT myportname $PORT src 0.0.0.0/0
+http_access allow tasty$PORT
+tcp_outgoing_address $IP tasty:$PORT
+EOF

bin/bootstrap.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+# this is the bootstrap script that will do the following:
+# 1. add ip addresses to a centos 7 system
+# 2. install a squid proxy with basic auth username/pass
+# 3. append ip addresses as listeners for each ip added.
+
+# step 1: install squid
+sh install_squid.sh
+
+network_script_dir='/etc/sysconfig/network-scripts'
+squid_conf_dir='/etc/squid/squid.conf'
+
+count=0
+ip_file="./ips.txt"
+squid_port=3128
+
+[[ -f $ip_file ]] || echo "IP address file: $ip_file does not exist. Please create a file in the `pwd` with the names ips.txt. One IP per line." 
+
+while IFS= read -r ip
+do
+	# increment our index for eth0:{index} and our squid port per ip that we have.
+	((count=count+1))
+	((squid_port=squid_port+1))
+		./ifcfg-eth0-template.sh "$ip" "$count" > "${network_script_dir}/ifcfg-eth0:${count}"
+		./add_ips_to_squid_conf.sh "$ip" "$squid_port" >> $squid_conf_dir
+	done < "$ip_file"
+
+	# restart squid after
+	sudo systemctl restart squid

bin/ifcfg-eth0-template.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+# this script will build a network config file on a CentOS 7 system.
+# it is expected to already have a /etc/sysconfig/network-scripts/ifcfg-eth0 file created
+# this is additional ip creation for 1 nic.
+
+IP=$1
+ID=$2
+
+cat << EOF
+BOOTPROTO=static
+DEVICE=eth0:$ID
+IPADDR=$IP
+NETMASK=255.255.255.255
+BROADCAST=$IP
+ONBOOT=yes
+EOF

bin/install_squid.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+
+# update yum
+sudo yum update -y
+
+# install and enable squid proxy
+# install httpd-tools so we can use htpasswd when setting up authentication
+sudo yum -y install squid
+sudo yum -y install httpd-tools
+
+# copy the proxy auth config file
+cp ./configs/squid-proxy-basic-auth.conf /etc/squid/squid.conf
+
+proxy_username="admin"
+proxy_password="ballsofsteel"
+
+# create htpasswd user
+htpasswd -b -c /etc/squid/passwd $proxy_username $proxy_password
+
+sudo systemctl start squid
+sudo systemctl enable squid
+sudo systemctl status squid
+
+# give us ifconfig and vim
+sudo yum install net-tools vim -y
+
+ip_address=$(ip address show | grep 'inet ' | sed -e 's/^.*inet //' -e 's/\/.*$//' | tail -1)
+port='3128'
+
+cat << SQUID
+     ^      Proxy Info:                                               
+   /   \    ---------------------------------                                               
+   \   /    http info: http://$ip_address:$port
+   |   |    ---------------------------------                                               
+   |   |    Username: $proxy_username
+   | 0 |    Password: $proxy_password
+  // ||\\   ---------------------------------                                               
+ (( // ||   
+  \\))  \\                                                 
+//||    ))                                                 
+( ))   //                                                  
+ //   ((                                            
+
+
+SQUID
+

conf/squid-proxy-basic-auth.conf

@@ -0,0 +1,113 @@
+#
+# Recommended minimum configuration:
+#
+
+# Example rule allowing access from your local networks.
+# Adapt to list your (internal) IP networks from where browsing
+# should be allowed
+#
+# THIS ALLOWS INTERNET LISTENING
+acl localnet src 0.0.0.0/0      # the entire internet
+acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
+acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+acl localnet src fc00::/7       # RFC 4193 local private network range
+acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80          # http
+acl Safe_ports port 21          # ftp
+acl Safe_ports port 443         # https
+acl Safe_ports port 70          # gopher
+acl Safe_ports port 210         # wais
+acl Safe_ports port 1025-65535  # unregistered ports
+acl Safe_ports port 280         # http-mgmt
+acl Safe_ports port 488         # gss-http
+acl Safe_ports port 591         # filemaker
+acl Safe_ports port 777         # multiling http
+acl CONNECT method CONNECT
+
+#
+# Recommended minimum Access Permission configuration:
+#
+# Deny requests to certain unsafe ports
+http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# We strongly recommend the following be uncommented to protect innocent
+# web applications running on the proxy server who think the only
+# one who can access services on "localhost" is a local user
+#http_access deny to_localhost
+
+#
+# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
+#
+
+# Example rule allowing access from your local networks.
+# Adapt localnet in the ACL section to list your (internal) IP networks
+# from where browsing should be allowed
+http_access allow localnet
+http_access allow localhost
+
+# And finally deny all other access to this proxy
+http_access deny all
+
+# Squid normally listens to port 3128
+http_port 3128
+
+# Uncomment and adjust the following to add a disk cache directory.
+#cache_dir ufs /var/spool/squid 100 16 256
+
+# Leave coredumps in the first cache dir
+coredump_dir /var/spool/squid
+
+#
+# Add any of your own refresh_pattern entries above these.
+#
+refresh_pattern ^ftp:           1440    20%     10080
+refresh_pattern ^gopher:        1440    0%      1440
+refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
+refresh_pattern .               0       20%     4320
+
+# for auth
+
+auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
+auth_param basic children 5
+auth_param basic realm Squid proxy-caching web server
+auth_param basic credentialsttl 2 hours
+auth_param basic casesensitive off
+
+# acl for auth
+acl ncsa_users proxy_auth REQUIRED
+http_access allow ncsa_users
+
+###### ADD NEW IP INFO BELOW HERE #######
+#  LOOK AT THE EXAMPLES
+#
+## Add new ips and ports here. increment each port by 1 per ip.
+## http_port ip1:3129 name=3129
+## http_port ip2:3130 name=3130
+## http_port ip3:3131 name=3131
+## http_port ip4:3132 name=3132
+## http_port ip5:3133 name=3133
+## http_port ip6:3134 name=3134
+## http_port ip7:3135 name=3135
+## http_port ip8:3138 name=3138
+## http_port ip9:3139 name=3139
+## http_port ip10:3140 name=3140
+## http_port ip11:3141 name=3141
+#
+# SETUP ACL AND TCP_OUTGOING_CONNECTION TO CORRECT IPS:
+# EXAMPLE BELOW:
+# NOTE: 0.0.0.0/0 listens to the entire internet. toggle this to control which ips can access.
+# you can also control the http_access allow/deny to do this if you want to quickly deny access fast.
+#
+# acl tasty3129 myportname 3129 src 0.0.0.0/0
+# http_access allow tasty3129
+# tcp_outgoing_address ip_address tasty3129